Private domain name registration

ABSTRACT

A service for protecting the privacy of domain name registrants while preserving the registrant&#39;s ability to directly change the registration information or transfer the registration. A whois record is created that reflects the registrant&#39;s actual identity but contains contact information that is entirely associated with a privacy service.

BACKGROUND OF THE INVENTION

The Internet Corporation for Assigned Names and Numbers (“ICANN”) governs the registration of certain types of domain names on the Internet. It accredits registrars and promulgates policies on domain name registration. One of its policies mandates that each registrar maintain a publicly-accessible database (a “whois” database) that lists the name of, and contact information for, each of registrants for each domain name registered at that registrar. See ICANN Registrar Accreditation Agreement, Approved May 17, 2001, Section 3.3.

An example of a portion of a domain name registration record in a whois database is shown in FIG. 1. Registrant information 101 of domain name 102 includes the registrant name 103, postal mail address 104, telephone number 105. The administrative and technical information 106 includes the administrative contact name 107 and technical contact name 108, administrative contact e-mail address 109, technical contact e-mail address 110, administrative contact telephone number 111 and technical contact telephone number 112.

A registrant may wish to keep private certain of the information that is publicly available in the whois database, such as telephone numbers, e-mail addresses, mail addresses, etc. For example, publicly available e-mail addresses in the whois database are mined by SPAMmers. As a result, such e-mail addresses can receive substantial amounts of unsolicited commercial e-mail (“SPAM”). In response to the need to keep domain name registration information private, certain registrars offer services designed to shield such information.

One known domain name registration privacy service called SPAM Shield is offered by the registrar Dotster, Inc. The SPAM Shield service replaces a registrant's e-mail address in a whois record with a SPAM Shield e-mail address. E-mail received at the SPAM Shield address is filtered for SPAM before being forwarded to an e-mail address designated by the registrant. To further confound data miners, the SPAM Shield e-mail address in the whois record is changed every ten days.

Another known domain name registration privacy service is offered by Domains by Proxy, Inc. The registrant of a domain name subscribes to the Domain by Proxy service, which replaces all of the registrant's registrant, administrative and technical information in the whois entry for the domain name registration with Domain by Proxy information. FIG. 2 shows a comparison of publicly available whois information 201 and what is shown when the registrant subscribes to the Domains by Proxy service 202. Domains by Proxy is contractually bound to the subscriber to dispose of the domain name registration in accordance with the subscriber's instructions.

The Domains by Proxy service is described in International Patent Application numbers WO 2004/029821, “Proxy E-mail Method and System” and WO 2004/021203, “Method and System for Domain Name Registration and E-mail by Proxy.” The registrant essentially transfers the domain name registration to Domains by Proxy. The registrant thereby becomes a “subscriber” to the privacy service, which is contractually bound to act at the subscriber's behest as the registrant of the domain name.

When correspondence is addressed to the registrant of the domain name, the Domains by Proxy service offers to forward it to the subscriber. First class postal mail (other than legal notices), “junk” mail or other unsolicited communications (regardless of their mode of delivery) are discarded or returned to the sender by the privacy service.

Domains by Proxy creates an e-mail address that is accessible to the subscriber for each registered domain name (“DOMAIN_NAME”) of the format DOMAIN_NAME@domainsbyproxy.com (the “DBP account”). E-mails received at each such address are either forwarded to the subscriber as-is; filtered for SPAM and forwarded; or discarded, as elected in advance by the subscriber.

When Domains by Proxy receives certified or traceable courier mail or legal notices addressed to the subscriber's contact information found in his domain name registration, it sends an e-mail message to the subscriber's DBP account. The e-mail message identifies the sender of the correspondence, the date Domains by Proxy received it, and a brief description of its contents. The subscriber is given seventy-two hours to decide whether to reject the correspondence or have it forwarded via overnight courier, facsimile, or both, at the subscriber's expense. Should the subscriber not respond to the Domains by Proxy e-mail message, Domains by Proxy attempts to contact the subscriber via telephone. If the subscriber does not respond and is unreachable, Domains by Proxy reserves the right to immediately reveal the subscriber's identity and/or cancel the subscriber's private registration service. In that case, the subscriber once again becomes the registrant of the domain name, and the whois directory reverts to displaying the registrant's true registration name and contact information, including the registrant's identity, postal address, e-mail address and phone number.

In the Domains by Proxy scheme, making changes to the domain name registration can be cumbersome because Domains by Proxy is the registrant, albeit contractually bound to act in accordance with the subscriber's instructions with regard to the domain name registration. Thus, the subscriber cannot directly make any changes to the registration or registration information, e.g., using the registrar's account management utilities. Rather, the subscriber must instruct Domains by Proxy to make any change, which Domains by Proxy must then carry out.

For example, transferring a domain name registration from a first registrar (a “Losing Registrar”) to a second registrar (a “Gaining Registrar) must be done by the administrative contact or registered name as shown in the whois record for the domain name registration. All accredited domain name registrars must comply with the ICANN Policy on Transfer of Registrations between Registrars, dated 12 Jul. 2004 (“ICANN Transfer Policy.”) The Policy states, “The Administrative Contact and the Registered Name Holder, as listed in the Losing Registrar's or applicable Registry's (where available) publicly accessible WHOIS service are the only parties that have the authority to approve or deny a transfer request to the Gaining Registrar. In the event of a dispute, the Registered Name Holder's authority supersedes that of the Administrative Contact.” ICANN Transfer Policy, Section 1.1. Ordinarily, transferring a registration is done directly by the actual registrant of the domain name.

Thus, only Domains by Proxy can transfer a domain name registration from a Losing Registrar to a Gaining Registrar. A subscriber wishing to do so must instruct Domains by Proxy to make the transfer, and provide the necessary information and authorization to Domains by Proxy. Alternatively, the subscriber can cancel its Domains by Proxy service and become the registrant for the domain name, and then transfer the domain name registration himself. However, in so doing, his registration information will become publicly available in the whois record for the domain name registration.

A better domain name registration privacy system would protect the registrant's sensitive information while allowing him to manipulate the registration (e.g., transfer, change registration information, etc.) directly, without proceeding through a privacy service.

SUMMARY OF THE INVENTION

In accordance with an embodiment of the present invention, each and every of the postal mail address, telephone number and e-mail address of a registrant in a whois record can all be changed to an alternate postal mail address, telephone number and e-mail address, while the registrant name in the whois record remains the actual identity of the registrant. The alternate contact information can point to a privacy service, which can handle communications addressed to such alternate contacts on behalf of the registrant. This combination can maintain the privacy of the registrant contact information, while permitting the registrant to retain control over the domain name registration, because in this way, the actual registrant (rather than a proxy service) remains the legal registrant of the domain name registration. For example, the registrant can directly approve the transfer of the registration to a Gaining Registrar in accordance with the ICANN Policy on Transfer of Registrations between Registrars. A registrant can also make changes to the registrant information listed in the whois record directly through the domain registrar's account manager, without having to act through a privacy service.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a prior art embodiment of a whois record.

FIG. 2 shows a prior art comparison of whois records using Domains by Proxy.

FIG. 3 shows a system in accordance with an embodiment of the present invention.

FIG. 4 shows a method in accordance with an embodiment of the present invention.

FIG. 5 shows a whois record in accordance with an embodiment of the present invention.

FIG. 6 is an apparatus in accordance with an embodiment of the present invention.

DETAILED DESCRIPTION

In accordance with an embodiment of the invention, the whois record for a domain name registration is configured such that the registrant name reflects the true identity of the registrant, while the registrant contact information is entirely replaced by alternate contact information. As used herein, “contact information” includes postal mail address(es), e-mail address(es) and telephone number that are displayed in a whois record. A “contact” is an individual address displayed in a whois record, and can include a postal address, e-mail address and/or a telephone number. “Correspondence” is any communication addressed to any contact information.

The registrant's actual e-mail address can be replaced by an alternate e-mail address that can be changed periodically to defeat data miners. E-mail received at the alternate address can be filtered for SPAM and/or malicious code (such as viruses, worms, etc.) and then forwarded to an e-mail address designated by the registrant.

The registrant's postal address can be replaced by an alternate address, such as a Post Office Box maintained by a registrar. Postal mail addressed to the alternate address can be handled in accordance with any suitable regime, e.g., depending on the identity of the sender, the mode of delivery, the content of the correspondence, etc. For example, United States Postal Service (“USPS”) Certified™ and Express Mail® can be opened by the privacy service and forwarded to the registrant by a variety of methods. For example, such opened mail can be scanned and forwarded to the registrant's e-mail account electronically. Such mail can also be forwarded to a postal address designated by the registrant. Third Class and Bulk mail can be destroyed upon receipt, unopened. All other mail can be returned to the sender, unopened.

A sender list can be maintained for each registrant. The sender list can include classes of senders with forwarding instructions. For example, for postal mail, the sender list can include a “scan and forward” class; a “forward in hard copy” class; etc. The privacy service can determine what action to take with regard to a piece of correspondence based upon the class to which the sender belongs. Examples of an entry in a sender class include the full name and address of a sender; the name only of a sender; the corporate affiliation only of a sender; a geographic origin indicator of the sender (e.g., a zip code, a state, a street name, etc.) For e-mail, the sender list can include a sender e-mail address (e.g., phillipz@acme.com); a sender domain (e.g., forward all e-mail from acme.com); etc. For telephone forwarding, the sender lists can include originating telephone numbers, which can be obtained using known caller-ID technology; originating area codes, etc. If sender information for a given received communication is not included in a sender list, then a default rule can be applied, e.g., block the attempted communication with the registrant. The sender list can be implemented automatically by storing it in a database that can be automatically queried upon receipt of an e-mail or telephone call.

Similarly, a registrant can designate a code (e.g., a number) that is correlated to a rule specifying the action to take with regard to the correspondence. Such a code can be included in the postal address (e.g., attn: 14535); in the subject line of an e-mail; entered through a telephone keypad at the prompting of an Interactive Voice Response (“IVR”) system; etc. The rule associated with a code can be “forward immediately”; “forward via first class mail”; “forward via overnight courier”; etc.

The alternate telephone number displayed in the whois entry can be answered by an answering service that instructs the caller how to contact the registrant. For example, the answering service can instruct the caller to contact the registrant via a given e-mail address; a postal address; etc. The provided e-mail and/or postal addresses can be alternate addresses, such as those displayed in the whois record. Alternatively, an incoming telephone number can be forwarded using call-forwarding technology, e.g., if the incoming call originates from a number that the registrant has instructed to be forwarded to a given number. The originating number can be detected by the privacy service using caller-ID technology.

The privacy service in accordance with the present invention can be offered by a domain name registrar directly, or by a privacy service provide in conjunction with a domain name registrar. A registrant can cancel the privacy service at any time, in which case the alternate contact information in the whois record will be changed to the registrant's contact information.

An embodiment of a system in accordance with the present invention is shown in FIG. 3. A registration server 301 is coupled to a privacy server 302 and a privacy database 303. The registration server 301 can receive from an applicant 304 a request to register a domain name using a privacy service in accordance with an embodiment of the present invention. The registration server 301 can collect the applicant's 304 name and contact information, and then can register the domain name (the applicant 304 thus becomes the registrant 304) with the registrant's name and alternate contact information. A record including the registrant's 304 domain name, name, contact information and privacy services preferences can be stored at privacy database 302. The registrant's 304 preferences can include a sender list, correspondence forwarding options, alternate registrant contact information (i.e., alternate addresses at which the registrant 304 can be contacted directly), an indication as to whether the registrant 304 has elected to have the domain name registration automatically renewed, payment information (such as a credit card number), etc.

The registration server 301, privacy server 302 and privacy database 303 can each be implemented in a different computer, can be implemented in two computers, or a single computer. The functions performed by each can be implemented in any way so as best to suit the needs and capabilities of the implementer.

Privacy server 302 can include a SMTP e-mail server 305 that serves as the destination address for e-mail messages sent to an alternate e-mail address maintained by the privacy service, as well as computer software for scanning e-mail messages and their attachments to determine if an e-mail message is likely to be SPAM or if it contains malicious code. When an e-mail message is received at the e-mail server 305, the privacy server can query the privacy database 303 to determine the forwarding instructions of the registrant. If the registrant has indicated that no e-mail messages are to be forwarded, then the received e-mail message can be deleted. If the registrant has provided a forwarding e-mail address, then the e-mail server 305 can scan the e-mail. If the e-mail server 305 determines that the message is not SPAM and does not include malicious code, then the received message can be forwarded to the registrant in accordance with the registrant's instructions. If SPAM or malicious code is detected, then the message can be deleted. A message with a summary of deleted e-mail messages directed to the alternate e-mail address of the registrant can be periodically sent to the registrant.

Privacy server 302 can also include a telephone server 306 adapted to receive telephone calls directed to the alternate telephone number for a domain name registration. The telephone server 306 can include an answering service that plays a pre-recorded message directing the caller to contact the registrant via other means. It can also include an Interactive Voice Response (“IVR”) system for collecting further information from a calling party and then directing the calling party to alternate contact means, such as postal mail or e-mail. The telephone server 306 can also include call forwarding hardware and software. Upon receiving an incoming call, the telephone server 306 can query the privacy database 303 and obtain a forwarding telephone number for incoming calls to a registrant's alternate telephone number. The telephone server 306 can forward a call to another number.

If the registrant wants to modify any domain name registration information, the registrant can change the registrant name, or selectively or entirely replace any and all alternate contact information by using an account management tool 307 at the registration server 301. Similarly, the registrant can transfer the domain name registration directly by using the account management tool 307 at the registration server 301.

A privacy server system 400 in accordance with an embodiment of the present invention is shown in FIG. 4. Processor 401 can be coupled to memory 402, which can store privacy instructions 403 that can be adapted to be executed by processor 401 to perform the method in accordance with an embodiment of the present invention. For example, privacy instructions 403 executing on processor 401 can receive a request for private registration for a domain name from a registration server. The request can include the registrant's name and contact information. The executing privacy instructions 403 can cause the domain name to be registered with the registrant's name and entirely with alternate contact information. Processor 401 can be coupled to port 404.

The privacy server system can include e-mail server instructions 405 that can implement SMTP and can include e-mail scanning software that can detect SPAM 406 and/or malicious code 407. This can be implemented using the same processor 401 and memory 402 as the privacy instructions 403, or can be implemented on a separate processor and memory in communication with a privacy server processor 401 and memory 402. The e-mail server 404 can include query and forwarding instructions 408 that can query the privacy database (not shown) to discover forwarding e-mail addresses and other forwarding instructions, and can forward or delete e-mail messages. If a message received at the e-mail server 404 is discovered to be SPAM or contain malicious code, it can be deleted and not forwarded to the registrant.

The privacy server system can include telephone server instructions 409 that can receive calls made to a registrant telephone number, and can include an automatic answering service instructions 401 that deliver a message to each calling party. Telephone server instructions 409 can also include query/call forward instructions 411 that can query the privacy database (not shown) to obtain consult call-forward rules and obtain call-forward information, and then forward a call received at an alternate telephone number to a registrant telephone number. Telephone server instructions 409 can also include IVR instructions 412 that can gather additional information from a calling party. Telephone server instructions 409 can be implemented using the same processor 401 and memory 402 as used by privacy instructions 403, or may be implemented by a separate processor and memory in communication with processor 401 and memory 402.

An example of a portion of a whois record in accordance with an embodiment of the present invention is shown in FIG. 5. The actual name of the registrant is shown 501, while the contact information shown in the whois record is entirely alternate contact information 502. As can be seen from FIG. 5, the same technique in accordance with an embodiment of the present invention can be implemented for the administrative contact. That is, the administrative contact name 503 can be the actual name of the administrative contact (rather than some alternate contact information), while the rest of the administrative contact information is alternate contact information 504. Likewise, the technical contact name 505 can be the actual contact name, while the rest of the technical contact information can be alternate contact information 506.

FIG. 6 shows an embodiment of an apparatus 600 storing a data structure in accordance with an embodiment of the present invention. The apparatus includes a processor 601 coupled to memory 602 storing a whois record 603 that includes a registrant name 604 that is the actual name of a registrant of a domain name, an alternate postal address 605, an alternate e-mail address 606 and an alternate telephone number 607.

The above description is meant to illustrate and not limit the scope of the present invention, which is fully defined by the scope of the claims. Those of skill in the art will recognize that the above description includes examples of how the present invention may be implemented, and will understand from the above description how to implement other embodiments that are within the scope of the claims 

1. A method for protecting the privacy of a registrant of a domain name, comprising configuring a whois record such that the registrant name displayed in the whois record is the actual registrant name and the contact information displayed in the whois record is entirely alternate contact information.
 2. The method of claim 1, wherein correspondence received at an alternate contact is forwarded to a registrant contact in accordance with a predetermined rule.
 3. The method of claim 2, wherein postal correspondence received at an alternate contact is scanned and forwarded to a registrant e-mail address.
 4. The method of claim 1, wherein an e-mail message received at an alternate e-mail address is scanned and forwarded to a registrant e-mail address if it is determined not to be SPAM and if it is determined not to contain malicious code.
 5. An apparatus for protecting the privacy of a registrant of a domain name, comprising: a processor; a memory coupled to said processor, said memory storing a whois record for a domain name registration wherein the registrant name of the whois record is the actual registrant name and the contact information of the whois record is entirely alternate contact information.
 6. The apparatus of claim 5, wherein said instructions are further adapted to be executed by said processor to perform steps including: receiving an e-mail message addressed to an alternate e-mail address listed in a whois record; scanning the e-mail message for SPAM; and forwarding the e-mail message to an e-mail address specified by the registrant if the message is determined not to be SPAM.
 7. The apparatus of claim 5, wherein said instructions are further adapted to be executed by said processor to perform steps including: receiving an e-mail message addressed to an alternate e-mail address listed in a whois record; scanning the e-mail message to determine if the message contains malicious code; and forwarding the e-mail message to an e-mail address specified by the registrant if the message is determined not to contain malicious code.
 8. The apparatus of claim 5, wherein said instructions are further adapted to be executed by said processor to perform steps including: answering a telephone call to an alternate telephone number; and providing a prerecorded message to the calling party.
 9. A method for managing a domain name registration, comprising: receiving from an applicant a request to register a domain name; storing the name of the applicant and applicant contact information correlated with alternate contact information for the domain name registration; and causing the domain name to be registered with the applicant name as the registrant name and with contact information that is entirely alternate contact information.
 10. A medium storing instructions adapted to be executed by a processor to perform steps including configuring a whois record such that the registrant name displayed in the whois record is the actual registrant name and the contact information displayed in the whois record is entirely alternate contact information.
 11. The medium of claim 10, wherein said instructions are further adapted to be executed by said processor to forward correspondence received at an alternate contact to a registrant contact in accordance with a predetermined rule.
 12. The medium of claim 10, wherein said instructions are further adapted to be executed by said processor to scan and forward to a registrant e-mail address postal correspondence received at an alternate contact.
 13. A medium storing instructions adapted to be executed by a processor to perform steps including: receiving from an applicant a request to register a domain name; storing the name of the applicant and applicant contact information correlated with alternate contact information for the domain name registration; and causing the domain name to be registered with the applicant name as the registrant name and with contact information that is entirely alternate contact information.
 14. A system for protecting the privacy of a registrant of a domain name, comprising: means for receiving from an applicant a request to register a domain name; means for storing the name of the applicant and applicant contact information correlated with alternate contact information for the domain name registration; and means for causing the domain name to be registered with the applicant name as the registrant name and with contact information that is entirely alternate contact information.
 15. A method for protecting the privacy of a registrant of a domain name, including: sending from an applicant a request to a register a domain name; and causing the domain name to be registered with the applicant name as the registrant name and with contact information that is entirely alternate contact information.
 16. A medium storing instructions adapted to be executed by a processor to perform steps including: sending from an applicant a request to a register a domain name; and causing the domain name to be registered with the applicant name as the registrant name and with contact information that is entirely alternate contact information. 